Page 213 - Ruan Jian Xue Bao/Journal of Software, 2025, No. 10

4610                                                      Ruan Jian Xue Bao/Journal of Software, 2025, Vol. 36, No. 10


                 [11]   Chen QY, Li SP, Yan M, Xia X. Code clone detection: A literature review. Ruan Jian Xue Bao/Journal of Software, 2019, 30(4): 962–980
                     (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/5711.htm [doi: 10.13328/j.cnki.jos.005711]
                 [12]   Li JY, Ernst MD. CBCD: Cloned buggy code detector. In: Proc. of the 34th Int’l Conf. on Software Engineering (ICSE). Zurich: IEEE,
                     2012. 310–320. [doi: 10.1109/ICSE.2012.6227183]
                 [13]   Neuhaus S, Zimmermann T, Holler C, Zeller A. Predicting vulnerable software components. In: Proc. of the 14th ACM Conf. on
                     Computer and Communications Security. Alexandria: ACM, 2007. 529–540. [doi: 10.1145/1315245.1315311]
                 [14]   Jang J, Agrawal A, Brumley D. ReDeBug: Finding unpatched code clones in entire OS distributions. In: Proc. of the 2012 IEEE Symp. on
                     Security and Privacy. San Francisco: IEEE, 2012. 48–62. [doi: 10.1109/SP.2012.13]
                 [15]   Li HZ, Kwon H, Kwon J, Lee H. A scalable approach for vulnerability discovery based on security patches. In: Proc. of the 2014 Int’l
                     Conf. on Applications and Techniques in Information Security. Melbourne: Springer, 2014. 109–122. [doi: 10.1007/978-3-662-45670-5_11]
                 [16]   Yamaguchi F, Lottmann M, Rieck K. Generalized vulnerability extrapolation using abstract syntax trees. In: Proc. of the 28th Annual
                     Computer Security Applications Conf. Orlando: ACM, 2012. 359–368. [doi: 10.1145/2420950.2421003]
                 [17]   Pham NH, Nguyen TT, Nguyen HA, Nguyen TN. Detection of recurring software vulnerabilities. In: Proc. of the 25th IEEE/ACM Int’l
                     Conf. on Automated Software Engineering. Antwerp: ACM, 2010. 447–456. [doi: 10.1145/1858996.1859089]
                 [18]   Yamaguchi F, Golde N, Arp D, Rieck K. Modeling and discovering vulnerabilities with code property graphs. In: Proc. of the 2014 IEEE
                     Symp. on Security and Privacy. Berkeley: IEEE, 2014. 590–604. [doi: 10.1109/SP.2014.44]
                 [19]   Wang L, Li F, Li L, Feng XB. Principle and practice of taint analysis. Ruan Jian Xue Bao/Journal of Software, 2017, 28(4): 860–882 (in
                     Chinese with English abstract). http://www.jos.org.cn/1000-9825/5190.htm [doi: 10.13328/j.cnki.jos.005190]
                 [20]   Liang B, Hou KK, Shi WC, Liang ZH. A static vulnerabilities detection method based on security state tracing and checking. Chinese
                     Journal of Computers, 2009, 32(5): 899–909 (in Chinese with English abstract). [doi: 10.3724/SP.J.1016.2009.00899]
                 [21]   Viega J, Bloch JT, Kohno Y, McGraw G. ITS4: A static vulnerability scanner for C and C++ code. In: Proc. of the 16th Annual Computer
                     Security Applications Conf. (ACSAC 2000). New Orleans: IEEE, 2000. 257–267. [doi: 10.1109/ACSAC.2000.898880]
                 [22]   Walden J, Doyle M. SAVI: Static-analysis vulnerability indicator. IEEE Security & Privacy, 2012, 10(3): 32–39. [doi: 10.1109/MSP.2012.1]
                 [23]   Baloglu B. How to find and fix software vulnerabilities with Coverity static analysis. In: Proc. of the 2016 IEEE Cybersecurity
                     Development (SecDev). Boston: IEEE, 2016. 153. [doi: 10.1109/SecDev.2016.041]
                 [24]   Cheng X, Wang HY, Hua JY, Zhang M, Xu GA, Yi L, Sui YL. Static detection of control-flow-related vulnerabilities using graph
                     embedding. In: Proc. of the 24th Int’l Conf. on Engineering of Complex Computer Systems (ICECCS). Guangzhou: IEEE, 2019. 41–50.
                     [doi: 10.1109/ICECCS.2019.00012]
                 [25]   Zheng W, Gao JL, Wu XX, Liu FY, Xun YX, Liu GL, Chen X. The impact factors on the performance of machine learning-based
                     vulnerability detection: A comparative study. Journal of Systems and Software, 2020, 168: 110659. [doi: 10.1016/j.jss.2020.110659]
                 [26]   Li Z, Zou DQ, Xu SH, Jin H, Zhu YW, Chen ZX. SySeVR: A framework for using deep learning to detect software vulnerabilities. IEEE
                     Trans. on Dependable and Secure Computing, 2022, 19(4): 2244–2258. [doi: 10.1109/TDSC.2021.3051525]
                 [27]   Gao J, Yang X, Fu Y, Jiang Y, Sun JG. VulSeeker: A semantic learning based vulnerability seeker for cross-platform binary. In: Proc. of
                     the 33rd ACM/IEEE Int’l Conf. on Automated Software Engineering. Montpellier: IEEE, 2018. 896–899. [doi: 10.1145/3238147.3240480]
                 [28]   Zhou YQ, Liu SQ, Siow JK, Du XN, Liu Y. Devign: Effective vulnerability identification by learning comprehensive program semantics
                     via graph neural networks. In: Proc. of the 33rd Int’l Conf. on Neural Information Processing Systems. Vancouver: Curran Associates
                     Inc., 2019. 10197–10207.
                 [29]   Russell R, Kim L, Hamilton L, Lazovich T, Harer J, Ozdemir O, Ellingwood P, McConley M. Automated vulnerability detection in
                     source code using deep representation learning. In: Proc. of the 17th IEEE Int’l Conf. on Machine Learning and Applications (ICMLA).
                     Orlando: IEEE, 2018. 757–762. [doi: 10.1109/ICMLA.2018.00120]
                 [30]   Li Z, Zou DQ, Xu SH, Ou XY, Jin H, Wang SJ, Deng ZJ, Zhong YY. VulDeePecker: A deep learning-based system for vulnerability
                     detection. arXiv:1801.01681, 2018.
                 [31]   Chakraborty S, Krishna R, Ding YRB, Ray B. Deep learning based vulnerability detection: Are we there yet. IEEE Trans. on Software
                     Engineering, 2022, 48(9): 3280–3296. [doi: 10.1109/TSE.2021.3087402]
                 [32]   Beaman C, Redbourne M, Mummery JD, Hakak S. Fuzzing vulnerability discovery techniques: Survey, challenges and future directions.
                     Computers & Security, 2022, 120: 102813. [doi: 10.1016/j.cose.2022.102813]
                 [33]   Garg A, Ojdanic M, Degiovanni R, Chekam TT, Papadakis M, Le Traon Y. Cerebro: Static subsuming mutant selection. IEEE Trans. on
                     Software Engineering, 2023, 49(1): 24–43. [doi: 10.1109/TSE.2022.3140510]
                 [34]   Ma YS, Offutt J, Kwon YR. MuJava: An automated class mutation system. Software Testing, Verification and Reliability, 2005, 15(2):